The Mother of All Hacks and What You Must Do About It

by Kevin D. Freeman on May 14, 2017


With all due respect to Mother’s Day weekend, there is really no choice but to label this weekend’s global cyber attack “the Mother of All Hacks.” If you operate a Windows-based computer, you should definitely pay attention. Even if you prefer Apple, there are things you should learn from this. Plenty of news reports on this fast-spreading computer virus can keep you updated, so we won’t dwell on all the messy details about how the largest hack in history happened. But we will pull out what should be viewed as the most critical points and then discuss what you can and should be doing about it.

First, let’s recognize the scope and speed with which this cyber pandemic made it around the globe. An early count shows 200,000 victims (including some pretty big name companies) in 150 countries. Each of these 200,000 faces a persistent ransomware requiring a payment or the permanent loss of files. For those who haven’t quite kept up with the news, imagine opening your computer to the following screen:

Now, imagine this same screen replicated at least 200,000 times, and that may be just the beginning. If all 200,000 paid the $300 demand, the total take would be $60 million. That’s a decent sum but not overwhelming, far less than the weekend box office for a blockbuster movie. It seems, however, that the intended take was substantially larger. And, this initial attack was just a drop in the bucket of what could have happened, what may happen yet, and what will certainly happen at some point.

The second point is that even though it is all about the money, the collateral damage could be extraordinary. One of the most serious victims has been England’s National Health System (NHS). If systems fail at hospitals, people can die. Fortunately, it appears that the current attack, at this point, is targeting control of files rather than operations. But a phase two cannot be ruled out. Just imagine if the hacker demanded ransom or else he would poison the water supply or release a human pathogen. We already know of the risk to the electric grid and other critical infrastructure. Some estimates suggest that a persistent long-term (year or more) failure of the electric grid could result in loss of up to 90% of the American population. In such cases, the demands could be measured in the billions of dollars per incident.

The third point is the recognition that the tools used for this latest attack appear to be those leaked by Shadow Brokers and taken from the NSA. We recently warned about this when discussing the risk to the SWIFT international banking transfer system. The tools were commercialized for mass distribution rather than targeted to a specific victim. The current exploit is known as EternalBlue. What should be most concerning is that this is a single tool from what are no doubt full tool boxes developed by NSA and their counterparts around the world.

The fourth point is that this attack is not over. It was temporarily interrupted by a fluke. There was not a guaranteed “on the shelf” remedy ready to stop this pandemic once started. Or, if there was, it was not being released. Just imagine that. What if a military created a cyber virus and then kept the “cure” a secret to maintain the value of the weapon. Sounds sort of like a high-tech version of the Dustin Hoffman film, Outbreak. But, there are ways to protect yourself as we will describe at the end of this Blog.

The fifth point is that while these were nation-state level tools, this has been criminal activity so far. Just imagine the damage that could be inflicted if the purpose was to wage war rather than to make money. This would be warfare at a whole new level. And, these weapons do not require an army. There may be just a few hackers behind this horrendous breach of 200,000 computers in 150 countries. Terror groups have attempted to acquire such weapons and have hired hackers to build them.

The sixth point is that sometimes the only answer is to pay the demand. The FBI won’t directly tell you to do that but then they sort of have already. What this reinforces is that there isn’t a simple or inexpensive antidote to the infection.

The seventh point is that no one is really immune. It all depends on the weakest link in a chain and if one trusted computer or device gets infected, the infection can spread rapidly even to otherwise well-defended devices.

One final point has to do with Bitcoin. All ransoms are to be paid with Bitcoin and this is due to the security and anonymity provided. This is something we will be discussing at great length going forward. For now, just know that Bitcoin plays a role in this RansomWare scheme.

So What Should You Be Doing?

  1. First, get educated. Here is some information about RansomWare that Microsoft has posted which contains basic explanations and FAQs.
  2. If you were infected, there are some specific protocols you should be following. First, if you have an IT Department, check with them immediately. If not, find a trusted professional source. has a pretty thorough writeup on how to minimize the damage and ultimately remove the RansomWare. This article contains some very helpful information, explanations, and even a timeline of how the infection has spread.
  3. If you were not infected but have a Windows computer and want to make certain that you aren’t, you need to apply the Microsoft-provided patch to your system. Learn about it from PCWorld. One thing to know is that Windows 10 systems were not targeted (at least not with this version). Businesses can add additional layers of protection by disabling the Server Message Block, but this is for professionals.
  4. Always install the patches and updates offered by your software and hardware providers. These are designed to eliminate found vulnerabilities. If your computer is too old for patching, find a way to upgrade.
  5. It appears that those infected have already been alerted with a ransom note. RansomWare, however, often sits undetected for a long period so that backups are compromised as well before the ransom is demanded. Therefore, you should have a good antivirus protocol to monitor for risks and protect against threats. There are many commercially available services. One that is free and has been reviewed by PC Magazine is Cybereason.
  6. We have said this before but it is worth repeating. Don’t take everything electronically. Keep paper copies of important documents, receipts, brokerage and bank statements. Even if you aren’t compromised, what happens if your bank is? How will you prove what you have unless you have documentation?
  7. Learn good cyber hygiene. This means that you must be very careful when web surfing. Don’t go to strange or compromised websites. Use strong passwords. Change the default passwords on routers and peripherals. Beware when using thumb drives as these can carry infections. Don’t automatically open attachments. Never open attachments from strangers without first understanding the source and purpose. Don’t even open them from those you trust unless you can separately verify that they were sent by the one you trust. There are too many examples of hacked or spoofed email addresses that seem familiar but are really just spreading malware. Don’t click on links in emails even from trusted sources. At the minimum you should “roll your mouse” over the link and make certain it points to a legitimate location. These are the very basics.

Even if you follow all the rules, many risks will remain. Because so much of our lives now resides in cyberspace, this is a serious problem. We believe that the next war will be CyberEconomic. Yet, despite all of this, we have hope. That is because we take to heart the words of Jesus found in Matthew Chapter 6 (verses 19-20):

“Lay not up for yourselves treasures upon earth, where moth and rust doth corrupt, and where thieves break through and steal: But lay up for yourselves treasures in heaven, where neither moth nor rust doth corrupt, and where thieves do not break through nor steal: For where your treasure is, there will your heart be also.”

Now, just insert the 21st Century addition: “Don’t put your treasure where hackers can hack.” The really good news is that RansomWare might lock up your family photos or even your work files. But it can’t interfere with your relationships or your trust in God which should be your true treasures.
